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Finding  an  appropriate  representation  of  planning  operators  is  crucial  for  theorem  provers 
that  work  with  proof  planning.  We  show  a  new  representation  of  operators  and  demonstrate 
how  diagonalization  can  be  represented  by  operators.  We  explain  how  a  diagonalization 
operator  used  in  one  proof-plan  can  be  analogically  transferred  to  an  operator  used  in  another 
proof-plan.  Finally,  we  find  an  operator  that  is  common  to  all  the  proof-plans  and  thus  might 
be  considered  as  the  Diagonal  Method. 
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1  Introduction 

As  pointed  out  by  Bundy  [3]  and  Bledsoe  (1],  using  proof-plans  is  often  very  helpful  in 
automated  deduction.  In  planning,  operators  are  needed  and  therefore  an  appropriate  rep¬ 
resentation  of  these  operators  is  crucial  for  proof  planning.  The  operators  have  the  same 
function  in  proof  planning  as  mathematical  methods  (in  the  following  referred  to  as  m- 
methods)  have  in  human  theorem  proving.  Since  m-methods  can  be  adapted  to  different 
proofs,  it  is  also  desirable  to  have  mechanisms  for  adapting  operators.  To  be  employed  by  a 
human-oriented  theorem  prover,  these  operators  should  allow  for  representing  logical  proof 
methods,  such  as  Indirect  Proof,  and  mathematical  methods,  such  as  Cantor’s  Diagonal 
method. 

In  this  paper  we  examine  whether  the  presented  representation  actually  covers  math¬ 
ematician’s  methods  and  how  the  methods  can  be  adapted  for  other  proof  plans.  We  do 
this  by  analyzing  the  well-known  Diagonal  Method  which  is  central  and  widely  applicable 
in  many  mathematical  proofs  concerning  computability  and  decidability,  including  Godel’s 
Incompleteness  theorem  for  arithmetic,  the  Unsolvability  of  the  halting  problem,  Rice’s  the¬ 
orem  (see  [5]),  and  the  Second  Recursion  theorem  (see  [5]).  Although  this  m-method  seems 
to  be  clearly  understood,  not  all  proofs  have  an  obvious  common  proof  schema,  and  some 
proofs  are  difficult  to  generate  in  logical  detail. 

After  defining  our  representation  of  operators  by  methods ,  we  investigate  several  proofs 
in  which  mathematicians  have  used  diagonalization.  We  sketch  these  proofs  and  show  which 
methods  belong  to  the  respective  proof-plans.  We  also  discuss,  how  a  method  from  the  proof- 
plan  for  Cantor’s  theorem  can  be  transferred  to  a  method  for  a  proof-plan  of  the  halting 
problem  and  of  Godel’s  First  incompleteness  Theorem.  Finally,  a  comparison  of  the  methods 
yields  a  new  method  that  is  common  to  all  the  proofs  and  which  might  be  considered  as  the 
Diagonal  Method. 


2  Representation  of  Methods 

First  we  give  a  brief  definition  of  methods  that  allow  for  reformulation  (For  more  details  see 

[6,  8]). 

Sequents  P,  written  as  ( ass  I-  cone/),  are  pairs  of  a  set  ass  of  formulas  and  a  formula 
concl  in  an  object  language  that  is  extended  by  meta-variables  for  formulas,  sets  of  formulas, 
and  terms1.  As  an  abbreviation,  we  shall  display  formulas  F  instead  of  sequents  (0  h  F ). 

Methods  M  are  frame-like  structures  similar  to  Bundy’s  methods  in  [3j.  Methods  have  the 
slots  parameter,  preconditions  (pre(M)),  postcondition  (post(M)),  constraints,  proof  schema 
and  procedure.  Preconditions  is  a  set  of  sequents,  postcondition  is  a  sequent;  both  pre-  and 
postconditions  are  needed  in  planning.  Constraints  are  formulated  in  a  meta-language  and 
serve  to  restrict  the  search  during  planning  and  may,  e.g.,  express  restrictions  of  pre(M)  and 
post(M).  The  proof  schema  is  a  declarative  schematic  representation  of  incomplete  proofs2 


1(as*  h  concl)  expresses  “ concl  is  inferred  from  ass”. 

incomplete  in  the  sense  that  it  may  have  nonaxiomatic  preconditions  and  may  be  incorrect. 
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in  the  object  logic,  rt  ..g  on  the  Nat  viral  Deduction  (ND)  calculus.  The  lines  of  the  proof 
schema  may  contain  method  names  as  the  justification  for  am  inference,  hence  methods  are 
recursively  defined,  with  basic  methods  corresponding  to  basic  ND-inference  rules.  These 
inference  rules  axe  implemented  ais  schemas  with  meta- variables  amd  justify  any  inference 
that  cam  be  obtained  by  instamtiating  meta-variables  in  the  schema.  Like  for  a  Hoare  triple, 
after  applying  the  proof  schema  to  pre(M),  post(M)  should  result.  The  program  in  the  slot 
procedure  executes  the  application  of  the  proof  schema  by  interpreting  the  proof  schema. 
The  structural  template  for  methods  is: 


method:  name  of  the  me+fc  < 

parameter 

parameters  u  be  instantiated 

preconditions 

preconditions  tha‘  fwe  to  be  true  for  the  method  to  be 
applicable 

postcondition 

postconditions  that  should  be  fulfilled  after  the  method 
application,  e.g.,  a  derived  sequent 

constraints 

meta-language  constraints  that  nay  restrict  pre-  and  post¬ 
conditions,  parameter 

proof  schema 

a  declarative  proof  schema 

procedure 

procedure  that  interprets  the  proof  schema 

The  proof  schema  of  a  method  M  may  contain  so-cailled  LEMMA-lines  in  which  an 
element  of  pre(M)  occurs  amd  that  have  LEMMA  as  their  justification.  The  proof  schema 
of  a  method  may  also  have  PLAN-lines,  that  contain  a  method-variable  PLANi  as  the 
justification,  which  meams  that  the  method  to  be  applied  is  not  specified.  A  method  with  a 
PLAN-line  is  considered  equivalent  to  the  method  for  which  the  PLAN-line  is  replaced  by  a 
LEMMA-line  and  that  contains  the  sequent  of  the  PLAN-line  as  a  precondition. 

A  method  M  is  verifiable  if  it  cam  recursively  be  checked  that  for  every  instantiation 
of  the  meta-variables  the  method  is  correct,  i.e.,  it  yields  a  correct  proof  of  post(M)  when 
applied  to  pre(M)  in  case  the  constraints  are  satisfied. 

The  methods  defined  here  differ  from  those  in  [3]  mainly  in  that  the  tactic  slot  is  replaced 
by  a  declarative  proof  schema  and  a  procedure  interpreting  this  schema.  The  intention 
behind  this  difference  is  to  enable  reformulations  of  methods. 

3  The  Diagonalization  Methods 

We  want  to  check  whether  the  definition  of  methods,  as  described  above,  is  an  appropriate 
representation  for  m-methods.  To  that  end  we  investigate  some  proofs  in  which  mathemati¬ 
cians  have  used  diagonalization.  Usually  diagonalizations  proceed  by 

supposing  ai,a2...  is  an  enumeration  of  objects  of  a  certain  kind.  Then  an  object  a  of 
the  same  kind  is  constructed,  that  is  different  from  every  a„  using  the  following  principle: 
“Make  a  and  an  differ  at  n.”  The  interpretation  of  differ  at  n  depends  on  the  kind  of  object 
involved. 

In  the  following  we  examine  proofs  of 
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1.  Cantor’s  Theorem,  which  states  that  for  any  set  M  the  cardinality  of  M  is  smaller 
than  the  cardinality  of  the  powerset  VM  of  M, 

cardM  <  cardPM  (see  [2]) 

2.  Uncountability  of  the  set  of  real  numbers  (actually  the  interval  [0  1]),  which 
means  that  card  N  <  card  (0, 1]  (see  [4]) 

3.  Unsolvability  of  the  Halting  Problem  for  Turing  machines,  which  means  there 
is  no  algorithm  (no  t-computable  function)  to  determine  whether  an  arbitrary  Turing 
machine  in  an  arbitrary  configuration  with  a  finite  length  of  nonblank  tape  symbols 
will  eventually  halt  (see  (7j).  That  is,  no  t-computable  function  c3  exists  with 

,  .  .  f  1  :  t  does  not  halt  with  confy 

c(t,  confv)  -  |  0  .  t  halt&  with  confi 

4.  Godel’s  Incompleteness  theorem  for  S,  which  states  that  there  is  a  sentence  in 
the  language  of  arithmetic  S  with  addition  and  multiplication  that  is  not  provable  in 
S  neither  is  its  negation(see  [10]). 

3.1  The  Proof  Sketches 

Throughout  the  paper  (M  N)  denotes  the  set  of  functions  from  M  to  N. 


3.1.1  cardM  <  cardPM 
1.  Unfold  definition 

The  theorem  cardM  <  cardPM  is  rerepresented  by  applying  the  definition  of  the 
partial  order  of  cardinals  to  the  theorem: 

There  is  a  one-to-one  correspondence  from  all  elements  of  M  to  a  subset  of  PM,  but 
no  one-to-one  correspondence  from  all  elements  of  VM  to  a  subset  of  M.  Since  the 
proof  of  the  first  part  is  trivial,  the  task  can  be  reduced  to  prove 
~'3fVx3y(f  €  (M  VM)  A(i£  VM  — ►  y  €  M  A  f(y)  =  x)). 


2.  Indirect  proof 

Derives  ->3fVx3y(f  €  (M  >-*  VM)  A  (x  €  VM  — ►  y  G  M  A  f(y)  =  x))  via  a  contradic¬ 
tion.  This  means,  the  indirect  assumption4  is 

Vx3 y(x  6  VM  —*  y  €  M  A  F(y)  =  x),  for  a  function  F  €  (M  ^  VM). 


3.  Method  Dl  yields  the  contradiction.  In  more  detail,  DI  includes  the  derivations  of 
(a)  the  existence  of  a  function  G(x)  with  G(x)  =  nonF(xx)  with 


0  :  i^O 
1  :  x  =  0 


3c  would  be  the  characteristic  function  of  the  halting  problem. 

4We  call  the  negations  of  the  theorem  to  be  proved  by  an  indirect  proof  the  indirect  assumption. 
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By  using  the  precondition  (0):  Wg(g  E  VM  — »  Vx(x  €  M  — ►  y(x)  6  {0,1})), 
which  is  part  of  the  representation  lemma  for  VM,  the  indirect  assumption  is 
expressed  by 

->3/Vx3y(/  E  (M  •-+  M  •->  {0, 1})  A  (x  €  VM  —*  y  E  M  A  /(y)  =  x)).  Thus  the 
application  of  a  comprehension  axiom  becomes  possible. 

Preconditions  for  this  step  are  (0),  the  indirect  assumption  and  the  comprehen¬ 
sion  axioms5  for  non  and  compound  functions. 

(b)  Vx(x  €  M  -  (F(x)(x)  =  0  -  G(x)  =  1)  A  (F(z)(z)  #  0  -  G(x)  =  0)). 
Preconditions  are  (a)  and  the  definitions  of  non  and  G. 

(c)  G(x)  €  "PM.  Preconditions  for  this  step  are 

(2):  VgVx(x  E  Af  — *  y(x)  G  {0,1})  — » ►  g  €  VM)  and  1,0  €  {0,1}. 

(d)  F(x0)(x0)  =  G(xo).  Preconditions  are  the  indirect  assumption  and  G  E  PAf. 

(e)  X  is  proved  in  two  steps  from  F(ioXo)  V  -’F(x0x0): 
derive  X  from  F(x0x0)  =  0  and 

derive  X  from  F(x0x0 )  ^  0.  Preconditions  axe  (c),  (b),  the  definition  of  F, 

1  0,  Vx(x  =  x). 

The  precondition  Vg(g  E  VM  «-*•  (Vx(x  E  M  — *  g(x)  E  {0,1}))),  i.e.  (0)  and  (2),  is  a 
representation  lemma  that  states  that  each  subset  of  M  can  be  represented  as  a  function 
from  (M  >->  {0, 1}).  Figure  1  shows  the  proof  structure  of  the  proof  of  Cantor’s  theorem  as 
well  as  of  the  proof  of  the  uncountability  of  IR. 


Figure  1:  Proof  Structure  of  Cantor’s  Theorem 


5This  idea  is  due  to  X.Huang  and  M.Kerber  who  also  gave  an  ND-proof 
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3.1.2  card  If  <  card[0, 1] 

1.  Unfold  definition 

The  theorem  card  N  <  card[0, 1]  is  rerepresented  by  applying  the  definition  of  the 
partial  order  of  cardinals  to  the  theorem: 

There  is  a  one-to-one  correspondence  from  all  elements  of  K  to  a  subset  of  [0,1],  but 
no  one-to-one  correspondence  from  all  elements  of  [0, 1]  to  a  subset  of  N .  Since  the 
proof  of  the  first  part  is  trivial,  the  task  cam  be  reduced  to  prove 
-i3/Vx3y(/  €  (N  *-»  [0, 1])  A  (x  €  [0, 1]  -*■  y  €  If  A  f(y)  =  x)). 

2.  Indirect  proof 

Derives  ~’3/Vx3y(/  G(Kh  [0,1])  A  (x  €  [0, 1]  — *  y  €  IN  A  f(y)  =  x))  via  a  contradic¬ 
tion.  The  indirect  assumption  is  Vx3y(x  €  [0, 1]  — *  y  €  IN  A  F(y)  —  x )  for  a  function 
constant  F  €  <N  -> [0. 1]). 

3.  Method  D2  yields  a  contradiction.  In  more  detail,  D2  includes  the  derivations  of 

(a)  the  existence  of  a  function  G(x )  with:  G(x)  =  nonF(xx)  for 

,  s  /  0  :  x  /  0 
n0nW  =  (l  :  2  —  0 

By  using  the  precondition  (0):  Vg(ff  6  [0,1]  — ►  Vx(x  €  N  — »  g(x)  6  {0...9})), 
which  is  part  of  the  representation  lemma  for  [0,1],  the  indirect  assumption  can 
be  written  as 

-3/Vx3y(/  6  (If  H4  If  {0. .  .9})  A  (x  €  [0, 1]  -  y  €  If  A  f(y)  =  *)).  Thus 
the  application  of  a  comprehension  axiom  becomes  possible.  Preconditions  for 
this  step  are  (0),  the  indirect  assumption  and  the  comprehension  axioms  for  non 
and  compound  functions. 

(b)  3jfVx(x  €  N  -» (F(x)(x)  =  0-  G(x)  =  1)  A  (F(x)(x)  ^  0  -  G(x)  =  0)). 
Preconditions  for  this  step  are  (a)  and  the  definitions  of  non  and  G. 

( c )  G(x)  €  [0, 1].  Preconditions  for  this  step  are 

(2):  VgVx(x  €  If  — +  g(x)  €  {0 . . .  9})  -*  g  €  [0, 1])  and  1, 0  6  {0 ...  9). 

(d)  F(x o)(xo)  =  G(x0).  Preconditions  are  the  indirect  assumption,  and  G  €  [0,1]. 

(e)  J_  is  proved  in  two  steps  from  F(x oio)  V  F(x oXo): 
derive  ±  from  Fx0x0  =  0  and 

derive  J_  from  Fx0x0  ^  0.  Preconditions  are  (c),  (b),  the  definition  of  F, 

1  ^  0,Vx(x  =  x). 

Figure  1  also  shows  the  proof  structure  of  the  IR-proof  for  VM  is  replaced  by  [0,1].  The 
precondition  Vg(g  €  [0,1]  *-*  (Vx(x  €  If  — ♦  ^(x)  €  {0,1})))  is  given  by  a  representation 
lemma  that  states  that  each  real  number  in  [0,1]  can  be  represented  as  a  function  from 
(U^{0...9». 
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3.1.3  Unsolvability  of  the  Halting  Problem 

We  follow  the  proof  of  the  halting  problem  in  [2].  Prior  to  conducting  the  proof,  a  Godel 
enumeration  of  the  configurations  is  assumed  and  the  fact  that  Turing  machines  are  t- 
computable  functions.  Consequently  “t  halts  on  configy ”  is  equivalent  (modulo  the  pre¬ 
sumed  theory)  to  u%)  is  defined”  and  “f  does  not  halt  on  configy"  is  equivalent  to  at{y)  is 
undefined”  for  y  £  N,  and  thus  the  halting  problem  can  equivalently  rerepresented  as 
There  is  no  t-computable  function  c  such  that  for  y  £  N 


cm)  = 


f 


0  :  t(y)  defined 

1  :  t(y)  undefined 


That  is,  the  theorem  is  then  3c->(c  £  T  A  Vt,  n(t  £  T  A  n  £  N  — *  (c(t(n))  £  {0, 1}))),  where 
c  £  T  means  c  is  t-computable.  Assuming  a  Godel  enumeration  F  of  Turing  machines,  each 
Turing  machine  tm  is  an  F(m)  for  and  F(mn)  = 


1.  Indirect  proof 

derives  the  theorem  via  contradiction,  starting  with  the  indirect  assumption 
c  €  T  A  Vt,n(t  £  T  A  n  £  N  — »  (c(f(n))  £  {0, 1})). 

2.  Method  D3  infers  a  contradiction  from  the  indirect  assumptions  (c  £  T)  and  (0): 
Vt,n(f  £  T  A  n  G  N  (c(t(n))  6  {0, 1})).  In  more  detail,  D3  includes  the  derivations 
of 


(a)  the  existence  of  G(x)  =  non  F(xx),  where 


non 


0  :  x  undefined 

undefined  :  x  defined 


Preconditions  are  the  definitions  of  non  and  F. 

(b)  ( G  £  T).  It  is  shown  that  since  c  is  t-computable,  non  is  t-computable,  and  so  is 
the  composition  of  non,  F. 

(c)  Vx(x  €  IN  -»  (c(Fxx)  =  0  -»  c{Gx)  =  1)  A  (c(Fxx)  ^  0  -+  c{Gx)  =  0)). 
Preconditions  are  (a)  and  the  lemma  (8):  Vx((cx  =  0  — *  cnon(x)  =  1)  A  (cx  ^ 
0  — v  c  non(x)  =  0))  that  can  be  derived  from  the  definitions  of  c  and  non. 

(d)  F(x0)(x0)  =  <3(xo)  for  a  constant  x0.  Preconditions  axe  G  £  T  and  the  enu¬ 
merability  of  Turing  machines. 

(e)  X  is  proved  in  two  steps: 
derive  X  from  cFxqxq  =  0  and 

derive  X  from  cFxqxq  #  0.  Preconditions  are  (d),  (c),  0  ^  1,  Vx(x  =  x), 

(H  V  and  the  definition  of  c. 


Figure  2  shows  a  proof  structure  of  the  proof  of  the  halting  problem. 


6 Proof  sketch:  Since  cF(x0z0)  =  cG(x0).  Case  1:  cF(z0*o)  =  0,  then  cG(x0)  =  0  then  cF(x0x 0)  =  1 
then  0  =  1.  Case  2:  cF(x0x o)  ^  0  then  cG(zo)  =  0  and  cF(ro*o)  =  1  then  cF(r0x0)  =  0  then  0=1. 
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Figure  2:  Proof  Structure  of  the  Halting  Problem 


3.1.4  Godel’s  Theorem 

The  following  mathematical  proof  is  taken  from  [11]. 

A  Godel  numbering  /  of  the  expressions  in  S  with  one  variable  is  assumed. 

Lemma:  The  predicate  R(xy)  which  states  that  the  proof  with  Godel  number  y  proves  the 
sentence  which  is  the  instantiation  <£x(x)  of  an  one- variable-expression  <f>x  with  Godel  number 
x  by  the  number  x  is  numeralwise  expressible  by  R(xy)  in  the  arithmetic  S. 

Consider  the  formula  Vy->R(xy).  It  has  a  Godel  number  p,  and  thus  Vy->R(xy)  =  <f>p(x). 
Now  consider  the  formula  <t>p(p),  i.e.,  'iy-'R(py)  which  contains  no  variable  free. 

Theorem:  If  the  number-theoretic  formal  system  S  is  consistent,  then  not  bs  <t>P(p)w,  and 
if  the  system  is  w-consistent,  then  not  bs  ~‘<f>p(p). 

To  reveal  the  similarity  between  the  proof  of  Godel’s  theorem  and  the  previous  proofs, 
we  introduce  a  function  w  which  can  be  defined  for  sentences  H  by  tr(H)  =  provable_inJ>  (H), 
i.e.,  w  is  a  function  from  object  language  sentences  to  meta-formulas.  By  the  lemma  above, 
we  have  w(<j>x(x))  =  w(f(xx))  =  3yR(xy).  Thus  a  logical  reconstruction  of  the  proof  is: 

1.  Indirect  proof 

Derives  -<Vg,x{g  G  E  — *  (x  €  N  — ^ ►  (( wg(x ))  V  (w->g(x))))  via  contradiction.  A 
weakened7  indirect  assumption  is  V<7,  x(g  G  E  — ►  x  G  N  — ►  ((wg(x))  V  (t/;-’^(x)))), 
where  E  is  the  set  of  all  expressions  in  S  with  one  free  variable. 

2.  Method  D-Godel  yields  the  contradiction.  In  more  detail,  D-Godel  includes  the 
derivations  of 


7Weakened  because  it  is  only  for  sentences  g(x)  with  y  6  E. 
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(a)  the  existence  of  G  with  G(x)  =  non  w(f(xx)),  which  is  substantiated  by  the 
definitions  of  formulas  and  of  w,  f  and  by  the  definition  non(F)  =  ->F. 

(b)  G  €  E.  Preconditions  are  the  definition  of  E  and  the  lemma  (that  provides 
G(x)  =  ->3yf2(xy)). 

(c)  /(xo)(*o)  =  G(x o)  for  a  constat  x0.  Preconditions  are  (b)  and  the  enumeration 
of  the  expressions  of  S  by  /. 

(d)  J..  This  is  shown  by  deriving  a  contradiction  from  ujGx0  Vti;->G(x0)8.  Precondi¬ 
tions  are  (8):  Vx((w(x)  — +  w(non(non(x))))  A(->u>(x)  —*  w(n<m(x)))),  the  second 
conjunct  of  which  is  the  indirect  assumption,  and  the  definitions  of  w,  R,  G,  the 
consistency  of  S,  and  the  u- consistency  of  S. 


In  order  to  obtain  a  version  of  the  method  which  is  better  comparable  to  Dl,  D2,  and 
D3,  we  additionally  introduce  a  characteristic  function  c  for  sentences  H  of  S  by 


c(H)  = 


( 


0  :  \-sH 
1  :  bs-tf 


Then  (8):  Vx((c(x)  =  0  — *  c(non(x))  =  1)  A  (c(x)  ^  0  — ♦  c(non(x))  =  0))  can  be  derived. 
Furthermore  the  proof  of  the  contradiction  can  be  replaced  by  a  subproof  starting  with 
assuming  cin(/(x0,Xo))  =  0  V  cu>(/(x0,  x0))  ^  0  as  an  instantiation  of  (HV  ->H).  Summarize 
this  new  version  D4  consists  of  the  subproofs: 

(a)  Show  the  existence  of  G(x)  with  G(x)  =  non  wf(xx).  Preconditions  are  the  defini¬ 
tion  of  formulas,  the  definitions  of  non,/,  and  (0):  Vg(g  €  E  —►  (x  €  N  — ♦  wg(x)  € 
set-of  jmeta-f  ormulas)). 


(b)  G  €  E  which  follows  from  (a)  and  the  lemma. 


(c)  f(x0)(x0)  —  G(x o)  for  a  constant  xo-  Preconditions  are  (b)  and  the  enumeration  of 

Ebyf. 


(d)  Vx((ctn/(xx)  =  0  — ►  cG(x)  =  1)  A  ( cwf(xx )  ^  0  — »  cG(x )  =  0))  which  can  be  proved 
using  (a)  and  (8). 

(e)  _L.  As  indicated  above,  J_  is  proved  starting  with 

ci/>(/(x0,  xo))  =  0  V  cw(f(x o,xo))  5^  0.  Relying  on  (d),  cw(f(x0,xo))  —  0  leads  to 
a  contradiction,  using  the  ^-consistency  of  S8 9,  (c),  and  0^1  (which  encodes  the 
consistency  of  S),  and  cto(/(xo,xo))  ^  0  leads  to  a  contradiction  as  well,  using  (c),  the 
definition  of  R ,  and  x  =  x. 


8Proof  sketch:  Assume  wG(z o),  then  H  G(xq),  then  exists  a  proof  pt  of  G(x0),  then  (-  R(xok),  then 
I — 'G(xo)  because  of  (8),  then  w->G(x o),  then  J.  because  of  consistency  of  S.  Hence,  ->wG(xo),  then  not 
exists  a  proof  of  G(x o),  then  R(xoO),  R(xqI)  . . .  are  false  because  of  (8),  then  I — >il(*o0)  •  ■  •  because  of  the 
definition  of  R,  then  I i  -Ny->R{x^y)  because  of  w-consistency  of  S,  then  I /  ->Gx o  because  of  the  definition  of 
G,  then  -<tu-<G(xo)  which  yields  the  contradiction  with  w->G(xo). 

9The  w-consistency  states  that  If  -<RJ(0y),  — . . .  then  I /  ->Vx->R{xy),  which  allows  to  deduce 
cG(xo)  =  1  — *  cwG(xo)  =  1. 
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This  proof  version  provides  a  larger  commonality  of  the  partial  proof  schemas  for  Dl,  D2, 
D3,  and  D4.  Figure  3  shows  the  proof  structure  of  a  proof  of  Godel’s  theorem. 


Figure  3:  Proof  Structure  of  Godel’s  Theorem 


3.2  The  Methods 

One  of  the  methods  in  all  four  proof  plans  is  Indirect  Proof: 


method:  Indirect  Proof 

parameter 

F:  formula,  A:  set  of  formulae 

preconditions 

postcondition 

A  hF 

constraints 

proof  schema 

1.  >F  b  ->F  (HYP) 

2.  A;->F  H  1  (PLAN) 

3.  A;  1-  -r->F  (— 1;2) 

4.  A;  b  F  (— D;3) 

procedure 

schema-interpreter 

A  method  that  jointly  represents  Dl  and  D2  is  D12,  where  (1)  is  the  indirect  assumption 
referred  to  in  Dl  and  D2,  equ  denotes  the  application  of  an  equality  axiom,  and  Method, 
denotes  submethods. 
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method:  D12 

parameter 

F:  function,  Ml,  M2:  structures,  U:  set,  H:  formula 

KGrarag 

6  A/2  — ♦  (x  €  All  — >  g(x)  6  U)) 

(1)  Vx3y(z 

€  M2  — ►  y  £  Ml  A  F(y)  =  x),  (6)  1  ^  0, 

preconditions 

(2)  VyVx(( 

x  £  Ml  — *•  g{x)  £  U)  — ►  g  £  Af2),(5)Vx(x 

=  x), 

(3)  U  C  domain(non),  (4)  0  €  U  A  1  €  U ,  (7)  ( H  V 

-H), 

mmmmi 

— *  non(z)  =  0)  A  (z  =  0  — >  non(x)  =1)) 

postcondition 

constraints 

1.  ; 

P 

3gVz(x  £  Ml  —*  g(x)  =  nonF(xz)) 

(comprehenj 
F ,  non,(0)) 

2.  ; 

t- 

Vz(x  £  Ml  — »  G(x)  =  nonF(xx)) 

(3D1  ) 

3.  ; 

h 

Vx(z  €  Ml  -*■  (F(xx)  =  0  -  G(x)  =  1) 

(Methodi,(8 

A  (F(xx)  ?  0  -  G(x)  =  0)) 

2) 

4.  ;  4 

h 

a  £  M 1 

(HYP) 

5.  ; 

1- 

F(aa)  =  0  V  F(aa)  ^  0 

((7)) 

6.  ;  6 

t- 

F(aa)  =  0 

(HYP) 

7.  ;  4,  6 

t- 

G(a)  =  . 

(VD,a£>,— 

D  4  6  3) 

8.  ;  4,  6 

(- 

G(a)  £  U 

(equ,(3)) 

9.  ;  9 

P 

F(aa)  0 

(HYP) 

10.;  4,  9 

P 

G(a)  =  0 

(VD,A£>,— 
D  4  9  3) 

11.;  4,  9 

1- 

C(a)  £  U 

(equ  (4)) 

12.;  4 

P 

G(a)  £  V 

(VD  5  8 

11) 

13.; 

P 

a  £  Ml  —  G(a)  £  V 

(— D4  12) 

14.; 

P 

GeM2 

(VD,~D,(2) 

13) 

proof  schema 

15.; 

P 

3x(x  £  Ml  A  F(z)  =  G) 

(VD(1)  14) 

16.; 

P 

F(*0)  =  G 

(3D  15) 

17.; 

t- 

F(x0,zq)  =  G(xo) 

(equ  16) 

18.; 

P 

(xo  €  Ml  — *  (F(xoXo)  =  0  — ♦  G(xo')  = 

1)  A  (F(x0xo)  ^  0  ->  G(z0)  =  0)) 

(VD  3) 

19.; 

P 

F(zo*o)  =  0  V  F(xo*o)  0 

(LEMMA) 

20.;  20 

P 

F{x  ozo)  =  0 

(HYP) 

21.;  20 

t- 

G{x0)  =  0 

(eq  20  17) 

22. ;  20 

P 

G(x  0)  =  1 

(AD, — ►  D 
18  20) 

23. ;  20 

1- 

0=  1 

(Al,equ,(5) 
22  21) 

24. ;  20 

1- 

1 

(AI,JLI,(6)) 

25.;  25 

t- 

F(x o*o)  ^  0 

(HYP) 

26.;  25 

P 

G(z0)  =  0 

(AD,— ‘D 

25  18) 

27.;  25 

1- 

F(*o*o)  —  0 

(equ  26 

17) 

28. ;  25 

P 

F(xozo)  =  0  A  ->F(zoXo)  =  0 

(Al  27  25) 

29.;  25 

P 

± 

( 11  28) 

30.; 

t- 

J. 

(VD  29  24 

J£) _ 

procedure 


schema-interpreter 


Some  Definitions 

In  the  following,  goals  and  assumptions  are  intended  to  be  sequents.  Since  in  general  proofs 
are  constructed  top  down  and  bottom  up,  we  construct  proof-plans  with  forward- methods 
used  in  forward  search  and  backward-methods  employed  in  backward  search.  For  instance, 
the  method  A-deletion  is  typically  employed  in  forward  search,  whereas  the  method  A- 
introduction  is  typically  employed  in  backward  search10. 

A  proof-plan  is  a  forest.  Its  trees  consist  of  sequent  nodes  and  verifiable  method  nodes, 
where  the  successor  of  a  sequent  node  g  is  a  method  node  M  and  the  successors  of  a  method 
node  are  sequent  nodes  gi,...,gn=  g,  such  that  the  following  “link  condition”  is  satisfied: 
a(post(M))  =  g  and  <r(pre(M))  =  g  for  a  substitution  a  (using  the  obvious  extension  of  a 
to  sequents  and  sequences  of  sequents). 

A  proof-plan  may  contain  forward-trees  the  sequents  of  which  are  assumptions  and  which 
are  constructed  by  forward  search.  It  may  contain  a  backward- tree  with  a  goal  root  node  and 
goals  as  sequent  nodes  which  is  constructed  by  backward  search  or  a  tree  which  combines 
the  backward-tree  with  forward-trees. 

The  planning  starts  with  a  root  goal  and  assumption  leaves  (0  h  T)  and  (0  F  F;),  where  F, 
is  a  proof-assumption,  or  Fi  €  KB,  where  KB  is  the  knowledge  base  of  axioms,  definitions, 
and  lemmas.  The  planning  proceeds  by  inserting  methods  and  sequents  satisfying  the  link 
condition,  always  aiming  at  closing  the  gap  between  leaf  goals  and  assumptions.  Leaf  goals 
that  axe  not  equal  to  an  assumption  are  called  open  goals.  As  soon  as  a  goal  g*  equals  an 
assumption,  the  two  nodes  collapse  and  thus  the  backward-  and  a  forward-tree  axe  combined. 
Then  gj  is  no  longer  an  open  goal  but  satisfied.  The  planning  terminates  if  there  are  no  open 
goals  anymore. 

In  a  proof-plan  V  a  node  N  is  termed  dependent  on  a  node  N',  if  N  is  an  ancestor  of  N' 
or  N'  is  an  ancestor  of  N  in  V.  A  sketch  differs  from  a  proof-plan  in  that  it  may  contain 
methods  which  are  not  verifiable.  Sketches  and  proof-plans  may  be  summarized  by  methods. 

3.3  Transferring  Methods  Analogically 

The  general  idea  of  analogy-driven  proof-plan  construction  detailed  in  [8]  is  to  use  a  source 
proof-plan  as  a  guide  for  constructing  an  analogous  target  proof-plan.  Specifically,  we  employ 
the  structure  and  the  methods  belonging  to  the  source  plan  or  somewhat  reformulated  and 
restructured  methods,  for  the  target  proof-plan. 

We  shall  utilize  the  analogy-driven  proof-plan  construction  for  analogically  transferring 
the  method  D12  of  Cantor’s  proof-plan  to  a  method  for  the  proof-plan  of  the  halting  problem. 
Actually  we  shall  transfer  a  proof-plan  summarized  by  D12  to  a  proof-plan  summarized  by 
Transferred  D3.  This  transfer  is  cognitively  substantiated  by  the  fact  that  mathematicians 
often  describe  their  proving  by  analogy  as  applying  a  method  used  in  another  proof  if  this 
method  is  named,  such  as  the  Diagonalization  method.  If  the  method  is  not  named,  then 
they  state  that  the  target  proof  is  done  analogously  to  the  source  proof. 

The  analogy-driven  proof-plan  construction  includes  two  different  kinds  of  mapping 
proof-plans  or  sketches,  reformulation  and  restructuring  as  characterized  below.  Reformula- 

10In  case  the  planner  searches  only  backward,  the  proof-plan  definition  and  the  analogy  procedure  are 
simplified  considerably. 
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tion  denotes  a  sequence  of  reformulations  which  are  triggered  by  a  source  sequent  or  method. 
Reformulation  aims  at  matching  a  source  goal  with  a  target  goal  or  as  many  preconditions  of 
a  source  method  with  target  assumptions  respectively.  Restructuring  aims  at  providing  sub¬ 
methods  of  the  source  plan  the  postcondition  (or  preconditions)  of  which  eventually  matches 
an  open  target  goal  (or  assumptions)  or  at  splitting  a  method  that  cannot  be  verified  in  order 
to  find  a  verifiable  submethod.  By  finding  a  verifiable  submethod  the  amount  of  work  left 
for  the  base-level  planning  is  diminished. 

Reformulations  p  map  a  proof-plan/sketch  to  another  plan/sketch  while  preserving  the 
proof-plan/sketch  structure.  A  set  of  admissible  reformulations  is  stored  in  a  data  base.  A 
reformulation  p  consists  of  a  mapping  of  methods  M  to  methods,  written  as  p  applied  to 
M,  and  mappings  of  sequents  P  to  sequents,  written  as  p  applied  to  P.  The  mappings  of 
methods  are  executed  by  so-called  meta-methods  that  may  change  all  slots  of  methods  but 
procedure.  Some  of  the  stored  meta-methods  are  Term-Mapping,  Homomorphy-Abstraction, 
and  Introduce-Function-Parameter.  The  changes  of  the  pre-  and  postconditions  by  the 
meta-method  establish  the  mapping  of  the  sequents.  If  p  is  applied  to  a  sequent  g  (or  to  a 
method  M)  of  a  plan  V,  then  p  has  to  be  applied  to  the  nodes  in  the  V  that  are  dependent 
on  g  (or  M).  (Imagine,  e.g.,  that  a  symbol  is  replaced  by  another  one  in  M,  then  it  has  to  be 
replaced  in  the  same  way  in  all  methods  and  sequents  dependent  on  M.)  Thus  a  reformulation 
in  analogy-driven  proof-plan  construction  is  not  only  dependent  on  p  but  also  on  the  node 
in  V  that  triggers  the  reformulation. 

Restructuring  maps  a  proof-plan/sketch  to  another  proof- plan/sketch  by  replacing  a 
sub-proof-plan  V  with  one  method  by  a  proof-plan  with  several  methods  while  preserv¬ 
ing  the  root  and  leaves  of  V.  We  refer  to  restructurings  that  are  executed  by  restruc¬ 
turing  meta-methods.  Some  of  these  meta-methods  are  Deduction-Theorem-Splitting, 
Conjunctive-Decomposition,  and  Apply-Axiom-Splitting.  For  a  more  detailed  motiva¬ 
tion,  description  and  examples  see  [9j. 

Table  1  shows  the  top-level  procedure  of  the  analogy-driven  proof-plan  construction.  The 
actual  analogy  procedure  is  embedded  into  the  planning  by  a  basic  planner.  Starting  with  a 
given  source  proof-plan,  target  assumptions,  and  a  target  goal,  the  output  of  the  procedure 
is  a  proof-plan  for  the  target  goal. 
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1.  Terminate  if  there  are  no  open  goals. 

2.  If  the  source  plan  is  exhausted,  then  base-level  plan  for  the  open  goals.  For  open 
goals  that  Me  not  establishable,  base-level  plan  for  the  closest  preceding  goal  or 
assumption  found  by  restructuring. 

3.  Get  next  sequent  P  from  the  source  plan.  The  sequent  is  either  an  assumption  or  a 
goal. 

4.  If  there  is  a  reformulation  p,  such  that  pP  matches  an  open  target  goal  or  a  current 
target  assumption  respectively,  then  go  to  step  7. 

5.  If  restructuring  possible,  then 

•  Restructure  and  update  source  plan. 

•  Go  to  step  3. 

6.  Go  to  step  2. 

7.  Reformulate  the  source  plan  by  p  and  triggered  by  P. 

8.  Select  for  the  target  the  method  M  chosen  in  the  source.  If  in  the  source  M  was  a 
forward-method,  then  go  to  step  13. 

9.  If  M  is  not  verifiable,  then  go  to  step  5. 

10.  Update  open  target  goals  and  current  target  assumptions. 

11.  Link  the  new  P  and  M  to  the  source  plan. 

12.  Go  to  step  1. 

13.  If  there  is  a  reformulation  p'  such  that  |mtssmp|  <  0,  for  missing  :=  set  of  precon¬ 
ditions  of  p'M  not  matching  a  current  target  assumption,  then 

•  Reformulate  the  source  plan  by  ft  and  triggered  by  M. 

•  Go  to  step  9. 

14.  Go  to  step  5. 

Table  1:  Outline  of  the  analogy-driven  proof-plan  construction 

The  following  specifics  are  to  note  in  Table  1:  Base-level  plan  in  step  2  denotes  the 
basic  planner  activity.  In  step  13,  6  is  a  threshold  usually  set  to  2.  A  goal  g  is  considered 
not  establishable  in  step  2,  if  neither  g  not  a  reformulation  of  g  holds  for  the  target.  This 
judgement  is  to  be  provided  by  the  user  and  may  reduce  the  search  notably. 

3.4  Transferring  D12  to  D3 

Let  D12  be  decomposed  into  submethods  according  to  the  dividing  lines  in  D12.  Since  we 
consider  only  a  transfer  from  method  D12  to  a  method  D3,  we  start  with  the  rerepresented 
halting  problem  and  the  assumptions  given  in  the  text. 

The  postcondition  is  (0  h  ±)  in  both  D12  and  D3  and  thus  it  does  not  require  any  refor¬ 
mulation.  The  analogical  transfer  of  D12  to  D3  replaces  the  submethod  with  postcondition 
(G  €  M2)  by  another  method  with  postcondition  ( G  €  M2)  found  by  base-level  planning 
because  a  precondition  similar  to  that  of  (2)  in  D12  is  not  establishable  in  D3.  Thus  the  jus¬ 
tification  for  ( G  €  M2)  becomes  a  new  method  Methods  that  provides  {G(x)  =  non  F(xz ;)), 
has  also  to  be  found  by  base-level  planning. 

Eventually  matching  the  assumptions  (8)  in  D12  and  D3  requires  an 
Introduce-Function-Parameter  reformulation  for  a  parameter  c  that  includes  the  map 
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(x  =►  cx)  for  all  x.  This  reformulation  has  to  be  applied  to  all  sequents  and  methods 
dependent  upon  (8)  in  the  source  proof  plan.  Figure  4  shows  the  dependencies  in  the  plan 
summarized  by  D12,  where  the  numbers  represent  proof  schema  lines  and  assumptions  as  is 


D12. 


□  operator 
o  goal  or  assumption 
\y  notestablishable 


\  ye? 

v  @)  (®) 


Figure  4:  Dependencies  in  the  proof-plan  summarized  by  D12 


Examining  the  current  proof-plan  shows  that  the  submethods  of  D12  represented  by  line 
4-14  and  line  15  -17  are  not  dependent  on  (8)  anymore.  The  analogy-driven  proof-plan 
construction  has  produced  a  proof-plan  that  is  summarized  by  the  method  Transferred  D3 
shown  below. 
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method:  Transferred  D3 

parameter 

F,  c:  function 
H:  formula _ 

non :  (partial)  function,  Ml,  M2:  structure, 

(l)vxdy(x 

€  M2  -*  y  €  Ml  A  F(y )  =  x),  (5)Vx(x 

=  x) 

preconditions 

(6)1  ^  0  (7 )H  V  -vff , 

(8)  Vx((cx 

37 

— *■  c  non(x)  =  0)  A  (cx  —  0  — *  c  non(x)  = 

ID _ 

postcondition 

X 

constraints 

l.  ; 

h 

Vx(x  €  Ml  — »  G(x)  =  non  F(xx)) 

(Meth 

2.  ; 

h 

G  e  M2 

(Methods) 

3.  ; 

h 

3*(*  e  Ml  A  F(x)  =  G) 

(AZ?(1)  1) 

4.  ; 

t- 

O 

II 

o 

«, 

E*, 

(3D  3) 

5.  ; 

h 

F(xo,xq )  =  G(x  o) 

(equ  4) 

6.  ; 

t- 

Vx(x  6  Afl  ->  (cF(xx)  =  0  -*  cG(x )  = 

(Methodi(8 

1)  A  ( cF(xx )  jt  0  -»  cG(x)  =  0)) 

1) 

7-  ; 

h 

(®o  €  Ml  — *  (F(x oxo)  —  0  —*  G(x0)  = 

1)  A  (F(*o*o)  ^  0  -*•  G(x0 )  =  0)) 

(VD  6) 

proof  schema 

8.  ; 

t- 

cF(xoXo)  =  0  V  cF(x 0*o)  #  0 

(LEMMA) 

9.  ;  9 

h 

cjP(xo®o)  =  0 

(HYP) 

10.;  9 

p 

cG(x  o)  =  0 

(equ.  9  5) 

11.;  9 

h 

cG(*o)  =  1 

(AD  — D  7 

9) 

12.;  9 

h 

0  =  1 

(Al,equ,(5) 
11  10) 

13.;  9 

i- 

± 

(Al,XI,(6)) 

14.;  14 

h 

cF(xoXo)  #  0 

(HYP) 

15.;  14 

h 

cCj(*o)  —  0 

(AjD,  D 
14  7) 

16.;  14 

i- 

cl^(xo®o)  =  0 

(equ  15  5) 

17.;  14 

h 

cF(*o*o)  =  0  A  ->cF(x  o*o)  =  0 

(AI16  14) 

18.;  14 

h 

X 

(XI 17) 

19.; 

t- 

X 

(VD  18  13 
8} _ 

procedure 

schema-interpreter 

Replacing  Methods  and  Methods  hy  method  variables  in  Transferred  D3  yields  the 
method  D123  which  can  be  used  in  proof- plans  of  Cantor’s  theorem,  of  the  uncountability 
of  IR,  and  of  the  halting  problem. 

Some  additional  remarks  on  changes  not  directly  belonging  to  the  transfer  of  D12  to  D3: 
If  the  decomposition  of  D12  was  not  given  at  the  beginning,  then  it  could  be  established  in 
the  cycles  of  the  analogy  procedure.  If  we  were  to  transfer  the  whole  proof  plan,  then  we 
would  need  to  find  an  appropriate  change  of  the  representation  of  the  halting  problem  by  a 
reformulation  employing  equivalences  modulo  the  theory.  The  employment  of  (8)  requires  a 
word  of  explanation.  Actually,  only  the  definitions  of  non  and  c  are  given  as  assumptions 
of  the  halting  problem  proof,  and  (8)  is  a  lemma  derived  from  these  definitions.  If  (8)  was 
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not  provided  as  a  lemma,  it  would  be  a  goal  that  is  not  in  the  current  state  and  to  be 
found  by  the  analogy  procedure:  In  step  13  a  possible  reformulation  of  (8)  of  D12  could  be 
created  by  Introduce-Function-Parameter,  since  instantiating  the  new  parameter  by  the 
characteristic  function  c  yields  (8):  Var((cx  /  0  — »  c  non(x)  =  0)  A  (ci  =  0  — *  c  non(x)  =  1)) 
which  can  be  established  as  an  assumption  for  the  halting  problem  proof. 

3.5  Transferring  D12  to  D4 

In  the  analogical  transfer  of  D12  to  a  method  D4  for  the  Godel  theorem  proof-plan,  a 
submethod  Methodai  for  (G  €  M2)  has  to  be  found  by  base-level  planning  because  a  pre¬ 
condition  similar  to  (2)  to  in  D12  is  not  establishable  for  D4.  The  assumptions  (0)  in  D12 
and  D4  require  an  Introduce-Function-Parameter  reformulation  (for  the  parameter  w) 
that  includes  the  mapping  (F  =$■  wF).  The  assumptions  (8)  of  D12  and  D4  require  an 
Introduce-Function-Parameter  reformulation  that  includes  the  mapping  (r  =>■  cx)  for  all 
i.  The  reformulations  have  to  be  applied  to  the  submethods  dependent  on  (8)  and  (0). 

Examining  the  current  sketch  shows  that  the  submethods  of  D12  represented  by  lines 
4  -  14  and  lines  15  -17  are  not  dependent  on  (8)  and  (0)  anymore.  Thus  the  respective 
reformulations  do  not  affect  these  submethods.  Up  to  this  point  the  analogical  transfer 
has  produced  a  sketch  that  is  summarized  by  the  method  (Transferred  D4)  shown  below, 
which  has  a  submethod  represented  by  line  7  -  18  of  the  proof  schema  that  cannot  be  verified. 
According  to  the  analogy  procedure,  this  submethod  has  to  be  restructured  at  the  places 
indicated  by  “gap”  in  order  to  transfer  as  much  as  possible  to  a  target  plan.  Two  additional 
submethods11  have  to  be  inserted  there,  (which  are  superfluous  in  the  case  of  D12)  for 
obtaining  verifiable  methods. 

The  submethod  Method^  to  be  produced  in  order  to  create  a  proof  plan  makes  use  of 
the  u>- completeness  of  S. 


uE.g.,  for  cG(*o)  =  1  h  ctuG(*o)  =  1  and  cG(x o)  =  0  H  cwG(x o)  =  0. 


16 


method:  Transferred  D4 

F, non,  c,  w:  function,  Ml,  M2:  structure,  U :  set,  H:  for- 
rniiU 


parameter 


ig(g  6  M2  -*  (i  €  Ml  -»  wg(x )  €  U)), 

(l)Vx3y(x  €  M2  — >  y  €  A/1  A  F(y)  =  x),  (3 )U  C 
domain(non)  (5)Vx(x  =  x)  (6)1  ^  0  ( 7)(H  V  -’//), 
(8)Vx((c(z)  ^  0  — »  c(non(j))  =  0)  A  (c(x)  =  0  — »  c(non(z))  =  1)) 


preconditions 


postcondition 


1 


constraints 


proof  schema 


l.  : 


4. 

5. 

6. 


7.  ; 


1-  Vx(x  G  Ml  — »  G(z)  =  non  wF(xx)) 


l)A(F(*oXo)^0-^G(*o)  =  0)) 


8.  ; 

9.  ;  9 

10. ;  9 

h 

h 

1- 

cwF(xo*o)  =  0  V  cwF(xoXq)  ^  0 
cwF(xoXo)  =  0 
cG(*o)  =  1 

11.;  9 

b 

gap  to  be  luiea  by  (Metnoa4j 

0  =  1 

12. ;  9 

b 

X 

13.;  13 

b 

cwF(x ozo)  #  0 

14.;  13 

b 

cG(zo)  =  0 

15.;  13 

b 

—  gap  to  be  filled  by  (Methods) 
crvF(x  oxo)  =  0 

16.;  13 

b 

cwF(xqXo)  =  0  A  -'CwF(xoXo)  = 

17.;  13 

h 

X 

18.; 

b 

X 

(comprehension) 


2.  ; 

b  G  €  M2 

(Methodai) 

3.  ; 

h  Vz(z  6  Ml  — +  (ctvF(xx)  =  0  -*  cG(x)  = 

1)  A  ( cwF(xx )  ^  0  — *  cG(z)  =  0)) 

(Methodi(8 

1) 

b  3z(z  €  Ml  A  F(x)  =  G)  (AD(1)  1) 

I-  F(x0)  =  G  (3D  4) 

I-  F(xo,*o)  =  G{x o)  (equ  5) 

- not  verified  submethod - 

H  (x0  €  -Ml  — ►  (F(xqXo)  =  0  — *  G(x0)  —  (VD  3) 


(LEMMA) 

(HYP) 

(AD  -*D  7 

9) 


(Al,equ,(5), 

(Al,XI,(6)) 

(HYP) 

(A A-  D 
13  7) 


) 


(equ,?  6) 
(AI  15  13) 
(XI 16) 

(VD  17  12 

M _ 


procedure 


schema-interpreter 


Again,  we  do  not  detail  the  rerepresentation  of  D-Godel  to  D4  that  does  not  belong  to 
the  very  transfer  of  D12  to  D4.  This  rerepresentation  is  carried  out  by  the  introduction  of 
the  characteristic  function  c  and  that  is  eventually  due  to  the  aim  of  matching  the  assump¬ 
tion  (8)  of  D12  with  (8)  of  D-Godel.  It  is  caused  by  an  Introduce-Funct  ion-Parameter 
reformulation  substantiated  by  introducing  a  characteristic  function  c  into  (8).  The  other 
changes  (introducing  the  new  step  (d)  and  changing  the  last  step  in  D-Godel)  appear  auto¬ 
matically  by  the  analogical  procedure.  The  parameters  have  to  be  instantiated  for  a  proof  of 
Godel’s  theorem  in  the  following  way:  non ,  c,w  as  defined  in  the  text,  F  by  the  enumeration 
of  E,  Ml  by  N,  M2  by  E  and  U  by  the  set_of_meta_formulas. 
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In  order  to  obtain  a  method  that  can  replace  Dl,  D2,  and  D4  in  the  three  plans  and  that 
closer  corresponds  to  the  principle:  “Make  a  and  an  differ  in  n” ,  the  additional  submethods 
are  moved  up  to  Method/2.  A  new  Method^  results  with  the  postcondition  (x0  €  Ml  -* 
(cwF(xoXq)  =  0  — ►  cwG(xq)  =  1)  A  (cwF(xqXo)  /  0  -*  cwG(x0 )  =  0)) 


method:  Methode 


parameter 


F, c,  w:  function,  Ml:  structure 
(9)Vx(x  6  Ml 


G(x)  =  non  wF(xx)), 

0- 

1)  A  (cwF(x0Xo) 


preconditions 


x((c(z)  jz  0  — »  c(non(»))  =  0)  A  (c(x)  =  0  — >  c(nonjx))  =  1)1 
'  =  6  — ►  cwG(xo)  =  1)  A  (cwF(zox0)  7^0 


[lo  6  Ml  -♦  (ewP(*o*o) 
cwG(xp)  =  0)) _ 


postcondition 


constraints 


I-  Vz(x  G  Ml  — ♦  (cwF(xx)  =  0  — ►  cG(x)  =  (Method!, (8  )X9)) 

i  \  a  /  n/  ..  .  \  /  /■</  \  a\\ 


proof  schema 


1. 

1)  A  ( cwF(xx )  5^  0  — ►  cG(x)  =  0), 

2.  ;  H  (xq  6  Ml  — ►  (F(xoXo)  —  0  — *  G(xq)  =  (VD  1) 

1)a(F(x0xo)#0^G(xo)  =  0)) 

2.  e<s(*o)i'=  1  H  ctuG(*o)  =  1  (PLAN4) 

3.  ecu* „);=  0  H  cwG(zo)  =  0  (PLAN5) 

4.  ;  h  ( xq  €  Ml  —*  (cwF(xoZo)  =  0  — *  cwG( x0)  =  (Methodyil 

_ 1)  A  (cwF(xnZn)  ^  0  —>  cwG(xn)  =  0)1 _ 2  31 _ 


procedure 


Note  that  the  method  variables  PLAN4  and  PLAN5  indicate  that  the  respective  methods 
differ  for  the  proof-plans  of  Cantor’s  and  Godel’s  theorem.  Because  of  the  instantiations  of 
the  parameter  w  by  the  identity  function,  the  methods  to  be  inserted  for  PLAN4  and  PLAN5 
are  trivial  in  all  cases  but  in  the  Godel  proof-plan. 

Employing  Method6  and  its  postcondition  instead  of  Methods  replacing  the  method 
represented  by  line  4  - 14  in  D12  by  the  method  variable  PLAN3,  and  omitting  preconditions 
different  in  D12  and  Transferred  D4  yields  the  method  D124  which  can  be  used  in  proof- 
plans  of  Cantor’s  theorem,  of  the  uncountability  of  1R,  and  of  Godel’s  theorem. 


3.6  The  Diagonal  Method 

Comparing  D123  and  D124  results  in  the  method  Diagonal  that  can  be  used  in  the  proof- 
plans  of  Cantor’s  theorem,  of  the  uncountability  of  IR,  of  Godel’s  theorem,  as  well  as  of  the 
halting  problem. 


12 A  means  for  moving  submethods  in  a  proof-plan  is  Bledsoe’s  precondition  prover  [1]. 
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method:  Diagonal 

parameter 

F,  c,  tv: 
ture,  H 

function,  non :  (partial)  function,  Ml,  M2: 
formula 

struc- 

(l)Vx3y(x  G  JW2  —  y  G  Ml  A  F(y)  =  x),  (5)Vx(x 

=  x) 

preconditions 

(6)0  +  1,  (7  )H  V 

(8)Vx((e(x)  4-  0  —  c(non(x))  =  0)  A  (c(x)  =  0  — *  c(non(x))  = 

M _ 

postcondition 

X 

constraints 

l.  : 

h  Vx(x  G  Ml  — *  (G(x)  =  non  toF(xx))) 

(PLAN2) 

2.  ; 

I-  GGM2 

(PLAN3) 

m 

H  3x(x  G  Ml  —  F(x)  =  G) 

(VD  (1)  1) 

4.  ; 

F(xo)  =  G 

(3D  3) 

5-  ; 

t-  F(xqXo)  =  G(xo) 

(equ  4) 

6.  ; 

1-  (cwF(xoXo)  =  0  —  cwG(x0)  =  1) 

(Methods) 

A  (cwF(zoXo)  #  0  —  cwG(xq)  =  0) 

7.  ; 

h  cwF(x oxo)  =  0  V  cwF(xqXo)  ^  0 

(LEMMA) 

8.  ;  8 

1-  cidF(xoxo)  —  0 

(HYP) 

proof  schema 

9.  ;  8 

1-  ctuG(xo)  =  0 

(equ.  8  5) 

10.;  8 

(-  cwG(xq)  =  1 

(AD  — D  6 
8) 

11.;  8 

T 

O 

II 

►—» 

(Al,equ,(5) 

9  10) 

12.;  8 

t-  x 

(Al,XI  (6) 
11) 

13.;  13 

h  ciuF(xoXo)  0 

(HYP) 

14.;  13 

I-  cwG(xo)  =  0 

(AD,— D 

13  6) 

15.;  13 

1-  cwF(xoXo)  =  0 

(equ  14  5) 

16.;  13 

P  ewF(xoXo)  =  0  A  ->cwF(xox0)  —  0 

(AI  15  13) 

17.;  13 

P  X 

(XI 16) 

18.; 

P  X 

(VD  17  12 
7) _ 

procedure 

schema-interpreter 

Diagonal  is  a  top-level  method,  which  means  it  represents  a  proof  idea  and  leaves  some 
methods  unspecified  which  prove  details.  The  method  variables  PLAN;  have  to  be  instan¬ 
tiated  for  particular  applications  of  the  Diagonal  method.  Basically,  PLAN1,  PLAN2,  and 
Method^  together  denote  the  unspecified  proof  of  what  is  often  called  the  “diagonalization 
lemma”  in  mathematical  diagonalization  proofs. 
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